PT-2018-1703 · Mikrotik · RouterOS

Published 2018-08-23 · Updated 2020-08-24 · CVE-2018-1158

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Mikrotik RouterOS versions prior to 6.42.7
Mikrotik RouterOS versions prior to 6.40.9

Description

The issue is a stack exhaustion vulnerability in the HTTP server of the RouterOS operating system. An authenticated remote attacker can crash the HTTP server through recursive parsing of JSON: a specially crafted request sent to the server makes the parser recurse until the stack is exhausted, and the process crashes (availability impact only, as the CVSS vector reflects).

Recommendations

For versions prior to 6.42.7, update to version 6.42.7 or later to resolve the issue. For versions prior to 6.40.9, update to version 6.40.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP server to minimize the risk of exploitation.
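The weakness class behind this advisory is uncontrolled recursion in a native JSON parser: each nested array or object costs a stack frame, and native code has no runtime guard that turns a too-deep recursion into a clean error. The following is an added example, not code from RouterOS or from this advisory's authors; it shows a minimal recursive-descent JSON validator with the mitigation a hardened server applies, an explicit nesting-depth limit checked before each recursive call. The limit `JSON_MAX_DEPTH` and the helper names are assumptions chosen for the example, and the nested-array input is constructed for testing.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Maximum nesting depth the parser accepts. Assumed value for this example;
 * the advisory does not state what limit the fixed RouterOS versions use. */
#define JSON_MAX_DEPTH 64

enum json_status { JSON_OK = 0, JSON_ERR_SYNTAX = 1, JSON_ERR_TOO_DEEP = 2 };

struct json_cursor { const char *p; const char *end; };

static void skip_ws(struct json_cursor *c) {
    while (c->p < c->end && isspace((unsigned char)*c->p)) c->p++;
}

/* Consume a string token; c->p points at the opening quote on entry. */
static enum json_status parse_string(struct json_cursor *c) {
    c->p++;
    while (c->p < c->end) {
        if (*c->p == '\\') { c->p += 2; continue; }   /* skip escaped char */
        if (*c->p == '"') { c->p++; return JSON_OK; }
        c->p++;
    }
    return JSON_ERR_SYNTAX;                            /* unterminated string */
}

static enum json_status parse_value(struct json_cursor *c, int depth);

/* Parse an array ("]") or object ("}"); `depth` counts enclosing containers. */
static enum json_status parse_container(struct json_cursor *c, int depth, char close) {
    /* Depth guard: without this check a deeply nested document recurses once per
     * bracket until the thread's stack is exhausted (CWE class: uncontrolled recursion). */
    if (depth > JSON_MAX_DEPTH) return JSON_ERR_TOO_DEEP;
    c->p++;                                            /* consume '[' or '{' */
    skip_ws(c);
    if (c->p < c->end && *c->p == close) { c->p++; return JSON_OK; }
    for (;;) {
        skip_ws(c);
        if (close == '}') {                            /* object member: "key" : value */
            if (c->p >= c->end || *c->p != '"') return JSON_ERR_SYNTAX;
            enum json_status ks = parse_string(c);
            if (ks != JSON_OK) return ks;
            skip_ws(c);
            if (c->p >= c->end || *c->p != ':') return JSON_ERR_SYNTAX;
            c->p++;
        }
        enum json_status s = parse_value(c, depth);    /* recursion happens here */
        if (s != JSON_OK) return s;
        skip_ws(c);
        if (c->p >= c->end) return JSON_ERR_SYNTAX;
        if (*c->p == ',') { c->p++; continue; }
        if (*c->p == close) { c->p++; return JSON_OK; }
        return JSON_ERR_SYNTAX;
    }
}

static enum json_status parse_value(struct json_cursor *c, int depth) {
    skip_ws(c);
    if (c->p >= c->end) return JSON_ERR_SYNTAX;
    switch (*c->p) {
    case '[': return parse_container(c, depth + 1, ']');
    case '{': return parse_container(c, depth + 1, '}');
    case '"': return parse_string(c);
    default: {                                         /* number, true, false, null */
        const char *start = c->p;
        while (c->p < c->end && (isalnum((unsigned char)*c->p) ||
               *c->p == '+' || *c->p == '-' || *c->p == '.'))
            c->p++;
        return c->p > start ? JSON_OK : JSON_ERR_SYNTAX;
    }
    }
}

/* Validate a whole document. Returns JSON_OK, JSON_ERR_SYNTAX or JSON_ERR_TOO_DEEP. */
enum json_status json_validate(const char *text, size_t len) {
    struct json_cursor c = { text, text + len };
    enum json_status s = parse_value(&c, 0);
    if (s != JSON_OK) return s;
    skip_ws(&c);
    return c.p == c.end ? JSON_OK : JSON_ERR_SYNTAX;   /* reject trailing garbage */
}

/* Constructed test input: `n` nested empty arrays, "[[[...]]]". Used to show
 * that the depth guard, not the stack, decides the outcome for deep nesting. */
enum json_status validate_nested_arrays(size_t n) {
    char buf[512];
    if (2 * n + 1 > sizeof buf) return JSON_ERR_SYNTAX;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    buf[2 * n] = '\0';
    return json_validate(buf, 2 * n);
}

int main(void) {
    const char *doc = "{\"a\":[1,2,{\"b\":null}]}";
    printf("normal document: %d\n", json_validate(doc, strlen(doc)));
    printf("%d nested arrays: %d\n", JSON_MAX_DEPTH, validate_nested_arrays(JSON_MAX_DEPTH));
    printf("%d nested arrays: %d\n", JSON_MAX_DEPTH + 1, validate_nested_arrays(JSON_MAX_DEPTH + 1));
    return 0;
}
```

The guard sits at the top of `parse_container`, before the recursive call, so the rejection costs one extra frame at most and the server returns an error to the client instead of crashing. In a real HTTP server the same limit belongs alongside a request body size limit; the workaround in the advisory (restricting who can reach the HTTP server at all) reduces exposure while the parser itself is unpatched.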

Exploit

Fix

Stack Overflow

Uncontrolled Recursion


Weakness Enumeration

Related Identifiers

BDU:2018-01263
CVE-2018-1158

Affected Products

Mikrotik RouterOS
RouterOS